{"id":10417,"date":"2024-12-16T12:58:44","date_gmt":"2024-12-16T12:58:44","guid":{"rendered":"\/cybersecurity-blog\/?p=10417"},"modified":"2025-09-29T06:00:30","modified_gmt":"2025-09-29T06:00:30","slug":"inside-cyber-threat-intelligence-feeds","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/","title":{"rendered":"What&#8217;s Inside ANY.RUN&#8217;s Cyber Threat Intelligence Feeds?"},"content":{"rendered":"\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=inside_ti_feeds&amp;utm_term=161224&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>\u2019s <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=inside_ti_feeds&amp;utm_term=161224&amp;utm_content=tifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence<\/a> (TI) feeds provide an invaluable solution for organizations seeking to detect and mitigate the latest malware and phishing campaigns, attacks, and cybercriminal tactics.<\/p>\n\n\n\n<p>But what exactly is inside these feeds, and how can they help companies strengthen their cybersecurity?<\/p>\n\n\n\n<p>Let\u2019s dive into the details.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are ANY.RUN\u2019s Threat Intelligence Feeds?<\/h2>\n\n\n\n<p>ANY.RUN\u2019s <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence (TI) Feeds<\/a> are a comprehensive collection of <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">Indicators of Compromise<\/a> (IOCs) that can expand security systems&#8217; threat detection capabilities. These feeds don\u2019t just give you the basics, they go deep, providing malicious IPs, URLs, domains, file hashes, and even links to actual analysis sessions, showing you how threats behave.<\/p>\n\n\n\n<p>Where does this data come from? An international community of over 500,000 researchers and cybersecurity pros who upload and analyze real-world malware and phishing samples every day to ANY.RUN&#8217;s <a href=\"https:\/\/app.any.run\/submissions\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=inside_ti_feeds&amp;utm_term=161224&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">Public submissions repository<\/a>.<\/p>\n\n\n\n<p>With TI Feeds from ANY.RUN, <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-for-organizational-performance\/\" target=\"_blank\" rel=\"noreferrer noopener\">organizations can<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Expand Threat Coverage:<\/strong> Extend your security systems\u2019 ability to detect emerging malware and phishing attacks.&nbsp;<\/li>\n\n\n\n<li><strong>Improve Incident Response<\/strong>: Enrich incident response processes with contextual data from the feeds, providing deeper insights into threats and their behaviors.&nbsp;<\/li>\n\n\n\n<li><strong>Strengthen Security Posture: <\/strong>Ensure proactive defense against new and evolving threats.&nbsp;<\/li>\n\n\n\n<li><strong>Optimize Threat Hunting: <\/strong>Streamline<strong> <\/strong>threat hunting activities, identifying and investigating potential threats more efficiently.&nbsp;<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nWant to integrate <span class=\"highlight\">CTI Feeds from ANY.RUN?<\/span><br>Reach out to us and we&#8217;ll help you set it up&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=inside_ti_feeds&#038;utm_term=161224&#038;utm_content=tiplans\" rel=\"noopener\" target=\"_blank\">\nContact us\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Key Features of ANY.RUN\u2019s CTI Feeds<\/h2>\n\n\n\n<p>Here\u2019s what makes ANY.RUN\u2019s CTI feeds valuable for cybersecurity teams:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fresh Data: <\/strong>Contain data extracted from the latest threat samples. These were uploaded to our interactive sandbox by a global network of over 500,000 security professionals.&nbsp;<\/li>\n\n\n\n<li><strong>Actionable Indicators<\/strong>: Supply indicators from decompressed traffic, memory dumps, and malware configurations along with those manually collected by our team of malware analysts, as well as data from partners and OSINT sources.&nbsp;<\/li>\n\n\n\n<li><strong>Contextual Information<\/strong>: Offer more than just IOCs by providing direct links to full sandbox analysis sessions that include memory dumps, network traffic, and events.&nbsp;<\/li>\n\n\n\n<li><strong>Rigorous Pre-Processing<\/strong>: Use advanced algorithms and proprietary technology for data filtering and validation.&nbsp;<\/li>\n\n\n\n<li><strong>Continuous Updates<\/strong>: Updated in real time, helping security teams stay ahead of emerging threats and respond quickly to new threats.\u00a0<\/li>\n\n\n\n<li><strong>STIX and MISP Format<\/strong>s: Deliver threat intelligence feeds in the STIX and MISP formats, making it easy for security teams to integrate our data into their existing infrastructure.&nbsp;<\/li>\n\n\n\n<li><strong>API Support<\/strong>: Integrate into existing security systems via API for real-time threat updates and automated responses.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What\u2019s Inside ANY.RUN\u2019s CTI Feeds?<\/h2>\n\n\n\n<p>The IOCs include information on malicious IP addresses, domain names, and URLs, enriched with contextual details such as related files and ports. Here\u2019s a closer look at what\u2019s inside:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">IP addresses<\/h3>\n\n\n\n<p>IP addresses are important for detecting and preventing malicious network activity. They serve as digital markers of cybercriminal operations, often linked to Command-and-Control (C2) servers or phishing campaigns.<\/p>\n\n\n\n<p>By analyzing IP addresses, cybersecurity teams can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Identify malicious sources:<\/strong> Pinpoint harmful traffic and proactively block it.<\/li>\n\n\n\n<li><strong>Trace attack origins:<\/strong> Gain insights into the geolocation and tactics of attackers.<\/li>\n\n\n\n<li><strong>Monitor threat patterns:<\/strong> Detect repeated use of IPs across campaigns.<\/li>\n\n\n\n<li><strong>Enhance network security:<\/strong> Use IP-based firewalls and intrusion prevention systems (IPS) to block unwanted traffic.<\/li>\n<\/ul>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>type: ipv4-addr\n      id: ipv4-addr--75725b48-17a3-575d-a5de-b5d9798bde8d\n      value: 103.168.67.9\n      created: '2024-06-13T06:26:00.704Z'\n      modified: '2024-06-13T06:26:00.704Z'\n      external_references:\n        - source_name: ANY.RUN task 11ce507f-d535-4bf1-8973-989d7654017a\n          url: https:\/\/app.any.run\/tasks\/11ce507f-d535-4bf1-8973-989d7654017a\n      labels:\n        - RedLine\n      related_objects:\n        - relationship_type: contains\n          source_ref: ipv4-addr--75725b48-17a3-575d-a5de-b5d9798bde8d\n          target_ref: file--49ef9153-94eb-5d05-bac2-19a54738afab\n      created_by_ref: identity--96a9cd9c-2f73-5ad3-a2ab-c14b3eba65c7\n      score: 90\n      revoked: false<\/code><\/pre>\n\n\n\n<p>ANY.RUN\u2019s TI feeds don\u2019t just list malicious IPs. They provide detailed context that turns raw data into actionable insights for cybersecurity teams. This enriched information helps assess the behavior and impact of each IP. Here\u2019s what\u2019s usually included:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>External references<\/strong><strong>: <\/strong>Links to relevant sandbox sessions<strong>.<\/strong><\/li>\n\n\n\n<li><strong>L<\/strong><strong>abel<\/strong><strong>: <\/strong>Name of the malware family or campaign.<\/li>\n\n\n\n<li><strong>Detection timestamps:<\/strong> &#8220;Created&#8221; and &#8220;Modified&#8221; dates provide a timeline to understand if a threat is ongoing or historical.<\/li>\n\n\n\n<li><strong>Related <\/strong><strong>objects<\/strong><strong>:<\/strong> IDs of files and network indicators related to the object in question.<\/li>\n\n\n\n<li><strong>Score<\/strong>: Value representing the severity level of the IOC.<\/li>\n\n\n\n<li><strong>Revoked<\/strong>: Field indicating whether the IOC has been invalidated.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Domains<\/h3>\n\n\n\n<p>Domains play a crucial role in hosting malicious content, phishing campaigns, and distributing malware. They are often used as staging points for cyberattacks, making them a key focus for threat detection and mitigation.<\/p>\n\n\n\n<p>ANY.RUN\u2019s TI feeds provide comprehensive information about domains, including all the details available for IP addresses, such as threat names, types, detection timestamps, and related file hashes.<\/p>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>type: domain-name\n      id: domain-name--f17dd142-08ac-54cb-bb88-97f1e07fb6fc\n      value: mail.sdil.ac.ir\n      created: '2024-06-10T21:13:17.465Z'\n      modified: '2024-06-17T13:37:53.620Z'\n      external_references:\n        - source_name: ANY.RUN task 64e1d470-dcd4-4d78-b1f0-aa4d9bd6f225\n          url: https:\/\/app.any.run\/tasks\/64e1d470-dcd4-4d78-b1f0-aa4d9bd6f225\n        - source_name: ANY.RUN task 090c21da-a050-4f88-bb09-1bae142df1cb\n          url: https:\/\/app.any.run\/tasks\/090c21da-a050-4f88-bb09-1bae142df1cb\n      labels:\n        - AgentTesla\n      related_objects:\n        - relationship_type: contains\n          source_ref: domain-name--f17dd142-08ac-54cb-bb88-97f1e07fb6fc\n          target_ref: file--dbee2af2-3be4-5e2a-9bf3-94e3fe8637b3\n        - relationship_type: contains\n          source_ref: domain-name--f17dd142-08ac-54cb-bb88-97f1e07fb6fc\n          target_ref: file--9794dd40-085a-5c84-8d95-70cbd8efcf1d\n      created_by_ref: identity--96a9cd9c-2f73-5ad3-a2ab-c14b3eba65c7\n      score: 100\n      revoked: false<\/code><\/pre>\n\n\n\n<p>Keep in mind that domains provide a higher-level view of malicious activity, often connecting multiple IPs or malware instances within a single campaign.<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nGive <span class=\"highlight\">CTI Feeds from ANY.RUN<\/span> a try<br>Start with a free demo sample in STIX or MISP&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=inside_ti_feeds&#038;utm_term=161224&#038;utm_content=tifeeds\" rel=\"noopener\" target=\"_blank\">\nIntegrate via API\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">URLs<\/h3>\n\n\n\n<p>URLs play a significant role in cybercriminal operations, often serving as gateways to distribute malware, execute phishing campaigns, or redirect users to malicious content. Their flexibility and ease of use make them a preferred tool for attackers.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">How URLs are used:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Malware delivery:<\/strong> Embedded in emails or websites, URLs download malware or redirect to exploit kits.<\/li>\n\n\n\n<li><strong>Phishing campaigns:<\/strong> Lead users to fake websites designed to steal sensitive information.<\/li>\n\n\n\n<li><strong>Command-and-Control (C2):<\/strong> Facilitate communication between malware and attackers for issuing commands or data exfiltration.<\/li>\n\n\n\n<li><strong>Exploitation and redirection:<\/strong> Redirect victims to malicious sites hosting drive-by downloads or exploits.<\/li>\n<\/ul>\n\n\n\n<p>By analyzing URLs, cybersecurity teams can uncover attack patterns, block harmful traffic, and prevent unauthorized access to systems and data.<\/p>\n\n\n\n<p><strong>Example:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>type: url\n      id: url--001c0f70-93f8-583d-96ce-7c260da3a193\n      value: http:\/\/www.goog1evip15.com\/dogw\/\n      created: '2024-06-11T21:35:59.640Z'\n      modified: '2024-06-11T21:35:59.640Z'\n      external_references:\n        - source_name: ANY.RUN task 55051854-38c4-4d03-a70a-6dd2ce3d89ca\n          url: https:\/\/app.any.run\/tasks\/55051854-38c4-4d03-a70a-6dd2ce3d89ca\n      labels:\n        - Formbook\n      related_objects: &#91;]\n      created_by_ref: identity--96a9cd9c-2f73-5ad3-a2ab-c14b3eba65c7\n      score: 100\n      revoked: false<\/code><\/pre>\n\n\n\n<p>Note that URLs often serve as entry points for malicious activity, acting as gateways for malware delivery, phishing attacks, or redirection to exploit kits, making them critical for identifying and mitigating cyber threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Additional Indicators in ANY.RUN&#8217;s TI Feeds<\/h2>\n\n\n\n<p>In addition to the core Indicators of Compromise (IOCs) such as URLs, domains, and IPs, ANY.RUN\u2019s CTI feeds include a wealth of contextual information.<\/p>\n\n\n\n<p>This additional data enriches the IOCs, offering deeper insights into the nature and behavior of each indicator.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Files<\/h3>\n\n\n\n<p>For file indicators, ANY.RUN\u2019s CTI feeds provide detailed information to help identify and assess malicious files. Here are the key data fields included:<\/p>\n\n\n\n<p><strong>Example<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>type: file\n      id: file--249382b0-209d-5904-b725-b47663c6c412\n      hashes:\n        SHA-256: d564eb94afb174fe3b854de086eda2a4e015d778a9aea9806e79f82044eac74e\n        SHA-1: 14b96459dff641245aea6dacd34512830d945ee2\n        MD5: 5edee175c5003771dea841893ea46602\n      created_by_ref: identity--96a9cd9c-2f73-5ad3-a2ab-c14b3eba65c7\n      score: 100\n      file_name: d564eb94afb174fe3b854de086eda2a4e015d778a9aea9806e79f82044eac74e.exe\n    - type: url\n      id: url--d65b67ec-39f2-5309-8cc9-56e016b6a48f\n      value: http:\/\/109.248.151.196\/rvBZyVEAb230.bin\n      created: '2024-06-11T18:44:15.898Z'\n      modified: '2024-06-11T18:44:15.898Z'\n      external_references:\n        - source_name: ANY.RUN task 35d75e14-c1a2-418c-b98f-f7d58cca93cb\n          url: https:\/\/app.any.run\/tasks\/35d75e14-c1a2-418c-b98f-f7d58cca93cb\n      labels:\n        - guloader\n      related_objects:\n        - relationship_type: contains\n          source_ref: url--d65b67ec-39f2-5309-8cc9-56e016b6a48f\n          target_ref: file--249382b0-209d-5904-b725-b47663c6c412\n      created_by_ref: identity--96a9cd9c-2f73-5ad3-a2ab-c14b3eba65c7\n      score: 100\n      revoked: false<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Ports<\/h3>\n\n\n\n<p>Port indicators describe network activities related to specific port usage, offering insights into malicious connections.<\/p>\n\n\n\n<p><strong>Example<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>type: port\n      id: port--60027215-4cf1-5773-bef7-62051468dbd3\n      port_value: 5555\n      created: '2024-06-16T02:32:35.010Z'\n      modified: '2024-06-16T02:32:35.010Z'\n      labels:\n        - NjRat\n      related_objects:\n        - relationship_type: services\n          source_ref: domain-name--8ee2a029-d3e7-53f1-84fb-bee3008c0060\n          target_ref: port--60027215-4cf1-5773-bef7-62051468dbd3\n      created_by_ref: identity--96a9cd9c-2f73-5ad3-a2ab-c14b3eba65c7\n      score: 100<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Integrate ANY.RUN\u2019s TI Feeds&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"571\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-1024x571.png\" alt=\"\" class=\"wp-image-10402\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-1024x571.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-300x167.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-768x429.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-370x206.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-270x151.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2-740x413.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/image5-2.png 1430w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN offers demo feeds samples in STIX and MISP formats<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>You can test ANY.RUN&#8217;s Threat Intelligence Feeds in STIX and MISP formats completely for free by <a href=\"https:\/\/intelligence.any.run\/feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_with_misp&amp;utm_term=121224&amp;utm_content=tifeeds\" target=\"_blank\" rel=\"noreferrer noopener\">getting a free demo sample here<\/a>.&nbsp;<\/p>\n\n\n\n<p>ANY.RUN also runs a dedicated MISP instance that you can syncronize your server with or connect to your security solutions. To get started, <a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=ti_feeds_with_misp&amp;utm_term=121224&amp;utm_content=tiplans\" target=\"_blank\" rel=\"noreferrer noopener\">contact our team via this page<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=inside_ti_feeds&amp;utm_term=161224&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=inside_ti_feeds&amp;utm_term=161224&amp;utm_content=linktotiplans\" target=\"_blank\" rel=\"noreferrer noopener\">Get a 14-day free trial of ANY.RUN&#8217;s Threat Intelligence service \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN\u2019s Threat Intelligence (TI) feeds provide an invaluable solution for organizations seeking to detect and mitigate the latest malware and phishing campaigns, attacks, and cybercriminal tactics. But what exactly is inside these feeds, and how can they help companies strengthen their cybersecurity? Let\u2019s dive into the details. What Are ANY.RUN\u2019s Threat Intelligence Feeds? ANY.RUN\u2019s Threat [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":10460,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[57,10,15,34,40],"class_list":["post-10417","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-anyrun","tag-cybersecurity","tag-malware","tag-malware-analysis","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What&#039;s Inside ANY.RUN&#039;s Cyber Threat Intelligence Feeds? - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how you can expand your threat detection capabilities with fresh IOCs from ANY.RUN&#039;s Cyber Threat Intelligence Feeds.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"What&#8217;s Inside ANY.RUN&#8217;s Cyber Threat Intelligence Feeds?\",\"datePublished\":\"2024-12-16T12:58:44+00:00\",\"dateModified\":\"2025-09-29T06:00:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\"},\"wordCount\":1167,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware\",\"malware analysis\",\"malware behavior\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\",\"name\":\"What's Inside ANY.RUN's Cyber Threat Intelligence Feeds? - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-12-16T12:58:44+00:00\",\"dateModified\":\"2025-09-29T06:00:30+00:00\",\"description\":\"See how you can expand your threat detection capabilities with fresh IOCs from ANY.RUN's Cyber Threat Intelligence Feeds.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What&#8217;s Inside ANY.RUN&#8217;s Cyber Threat Intelligence Feeds?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What's Inside ANY.RUN's Cyber Threat Intelligence Feeds? - ANY.RUN&#039;s Cybersecurity Blog","description":"See how you can expand your threat detection capabilities with fresh IOCs from ANY.RUN's Cyber Threat Intelligence Feeds.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"What&#8217;s Inside ANY.RUN&#8217;s Cyber Threat Intelligence Feeds?","datePublished":"2024-12-16T12:58:44+00:00","dateModified":"2025-09-29T06:00:30+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/"},"wordCount":1167,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware","malware analysis","malware behavior"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/","url":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/","name":"What's Inside ANY.RUN's Cyber Threat Intelligence Feeds? - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-12-16T12:58:44+00:00","dateModified":"2025-09-29T06:00:30+00:00","description":"See how you can expand your threat detection capabilities with fresh IOCs from ANY.RUN's Cyber Threat Intelligence Feeds.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/inside-cyber-threat-intelligence-feeds\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"What&#8217;s Inside ANY.RUN&#8217;s Cyber Threat Intelligence Feeds?"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10417"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=10417"}],"version-history":[{"count":41,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10417\/revisions"}],"predecessor-version":[{"id":16102,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/10417\/revisions\/16102"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/10460"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=10417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=10417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=10417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}